1. The Field of the Invention
The present invention relates to methods and systems for enabling a user to access data over a virtual private network. More particularly, the present invention relates to methods and systems for providing a user with controlled mobile remote access to network data over a spontaneous virtual private network.
2. Background and Related Art
In today's business world, many businesses protect their data from unauthorized access by installing firewalls into their network infrastructure. Typically, a firewall is configured to prevent unidentified users from accessing network data from a remote location. Although firewalls are generally very beneficial for enabling a business to have more control over who accesses its network data, they also have the undesirable consequence of disconnecting mobile professionals from critical and urgent business information when they are away from the office or otherwise unable to gain local access to the network data.
To enable a mobile professional to access business information from a remote location, some businesses have installed virtual private networks (VPNs) between the business and designated remote locations, such as from a professional's home or satellite office. The function of a VPN is to open a secure connection between the business network and a designated remote location through the business firewall. Although beneficial for providing remote access to network data, a VPN requires the installation of expensive hardware and/or software at the business network and sometimes at the remote location.
An embodiment of a prior art system and method for enabling remote access to network data over a VPN is shown in FIG. 1. As shown, a user 10 communicates with the business network 12 from a remote location through a VPN tunnel 14. At each end of the VPN tunnel 14 is a VPN node 16, 18. At the business network 12, the VPN node 16 straddles the business network's firewall 20. Network data 22 is transmitted through the firewall 20 at the VPN node 16 and through the VPN tunnel 14 to the user 10. According to the prior art, it is also possible for a remote business 23 to communicate with the business network 12 through a VPN tunnel 24, as shown between VPN node 16 and VPN node 26.
VPN hardware and software employ encryption technology and other security features at the VPN nodes to ensure that data transmitted through a VPN tunnel is not intercepted and that the user or remote business is authorized to access the business network data. The benefits of a VPN, however, are limited to discrete remote locations where the appropriate VPN software and/or hardware is installed. Accordingly, VPNs do not currently provide users with mobile remote access to network data stored behind business firewalls. In particular, a prior art VPN does not enable a user to access network data from a telephone while commuting in a moving vehicle.
There are also consequences associated with establishing a prior art VPN. In particular, a VPN requires a port or hole to be opened in the business firewall so that data can be transmitted between the business network and the remote VPN node. It is over the VPN port that hardware or software must be installed to ensure that only authorized users are provided access to the network data. However, despite the security mechanisms of the VPN to authenticate the identity of the user, the potential for a hacker to obtain unauthorized access to the business network is increased. For instance, a hacker may attack the firewall at the business VPN node or may obtain unauthorized access to network data by hacking into a remote user's computing device at the remote VPN node location. To prevent hackers from gaining access to network data, many businesses install secondary firewalls, so that if a hacker comes through the first firewall, they are more likely to be stopped before they penetrate the secondary firewall.
FIG. 1 illustrates a typical firewall configuration for preventing unauthorized access to network data. This firewall configuration includes a primary firewall 20, a secondary firewall 28, and a demilitarized zone (DMZ) 30, which is the area between the primary firewall 20 and the secondary firewall 28.
Many businesses install proxy servers to intercept and filter data transmitted through the business's firewall infrastructure. Proxy servers are also beneficial for many other reasons, one of which is to enable users to access the Internet from behind a business firewall while enabling a business to limit the Internet sites that can be accessed. Proxy servers also hide the true identity of the Internet user by acting as a proxy in transmitting user requests. By acting as a proxy in transmitting user requests, the proxy server is able to filter user requests so that only qualified requests are honored. In essence, a proxy server can enhance the protection of a firewall infrastructure by prohibiting unauthorized requests from being honored. Proxy servers are particularly important for businesses that permit employees to access the Internet because Internet access requires additional holes or ports to be opened in the firewall infrastructure. Typically these ports include “port 80” and “port 443.” A firewall and proxy server can collectively operate to prevent unauthorized users on the Internet from obtaining control over the business network by ensuring that data transmitted through the ports complies with defined protocols. Even though Internet access initiated from within a business typically requires “port 80” and “port 443” to be opened in the firewall, the potential for a hacker to gain unauthorized remote access to a business network through “port 80” and “port 443” can be substantially limited by using appropriate firewall and proxy server configurations.
The hole created in the firewall by a VPN, however, is difficult to police even with effective VPN hardware and software. A VPN also increases the number of fronts that have to be monitored, including the newly opened VPN port in the business firewall and each of the remote VPN nodes. Accordingly, although VPNs are beneficial for enabling authorized users to access network data from remote locations, VPNs are likewise detrimental for facilitating unauthorized access to network data from remote locations. VPNs make it difficult to police business firewalls, make it difficult to use proxy servers, and in consequence, weaken firewalls and provide users, authorized or not, with too much control over network data. VPNs can also be very expensive to install and maintain. Nevertheless, because of today's business need for mobile professionals to have access to critical and urgent information away from the office, many businesses are willing to expend the resources and take the risks that are associated with establishing VPNs.
In view of the foregoing, there is currently a need in the art for providing mobile professionals with controlled access to network data that is stored behind business firewalls, without weakening the associated firewall infrastructure and in an economic manner. There is also a need for providing users with mobile remote access to network data through a VPN, such that network data does not have to be obtained from discrete, predefined, remote VPN node locations. For example, it would be an advancement in the art to enable a mobile professional to access email messages through a VPN, while the mobile professional is commuting in a moving vehicle from a portable telephone device.